Hui Jin MSc Dissertation 2015/16

Department of Computer Science

Hui Jin MSc Dissertation 2015/16

Static Data Flow Analysis for Finding Security Vulnerabilities in Mobile Applications

Supervised by A.Brucker

Abstract

Apache Cordova is the framework which is used to develop platform-independent mobile application. By using this framework, developer can use modern web technology (HTML5,CSS, JavaScript ) to build mobile application. Cordova framework allows developer to access to device capabilities such as geolocation , camera and battery by JavaScript . However, this feature may lead to the mobile application can be affected by security vulnerabilities of web application. In order to find the security vulnerabilities in Cordova application, the way to build a static data flow analysis tool that based on WALA will be introduced in this thesis. T.J. Watson Libraries for Analysis(WALA) is a Java framework. This frame work is provided by IBM. It is used to analyze Java b ytecode , Java source code, JavaScript code and Dacilik bytecode .

Keyword: static analysis, data flow analysis, Cordova application